author | Andy Whitcroft <apw@canonical.com> | 2012-05-01 16:17:52 +0100 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-06-20 20:12:47 -0600 |
commit | e2f5e399e7b20981a803af624917547b5160a636 (patch) | |
tree | 2d9356f19115b32056d5a4dd5818e224a6e44400 | |
parent | de4712a2c0a3cf0fbf221fabb54cc6c4e318ebc5 (diff) |
UBUNTU: ubuntu: overlayfs -- overlayfs: switch to use inode_only_permissions
When checking permissions on an overlayfs inode we take into
account neither device cgroup restrictions nor security permissions.
This allows a user to mount an overlayfs layer over a restricted device
directory and bypass those permissions to open otherwise restricted
files.
Switch over to the newly introduced inode_only_permissions.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
-rw-r--r-- | fs/overlayfs/inode.c | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 86bf66346ad..1a8e232e2c6 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -105,19 +105,9 @@ int ovl_permission(struct inode *inode, int mask)
 if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
 goto out_dput;
-
- /*
- * Nobody gets write access to an immutable file.
- */
- err = -EACCES;
- if (IS_IMMUTABLE(realinode))
- goto out_dput;
 }
 
- if (realinode->i_op->permission)
- err = realinode->i_op->permission(realinode, mask);
- else
- err = generic_permission(realinode, mask);
+ err = inode_only_permission(realinode, mask);
 out_dput:
 dput(alias);
 return err; |
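Review bot: The single call `err = inode_only_permission(realinode, mask);` now has to cover everything the deleted lines did, plus the device cgroup and security checks named in the commit message, yet the call site carries no comment saying so and the helper's body is not in this diff. In particular the explicit `IS_IMMUTABLE(realinode)` test is dropped here, so it is presumably performed inside inode_only_permission(); that should be confirmed against the helper before merging. I would add above the call: `/* Full per-inode check on the real inode (immutable, ->permission, device cgroup, LSM); do not open-code with generic_permission(). */`. ovl_permission() begins and ends outside this hunk, so the condition guarding the removed immutable check is not visible.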